Monitoring and Security

X-Pack monitoring consists of two components: an agent
that you install on on each Elasticsearch and Logstash node, and a Monitoring UI
in Kibana. The monitoring agent collects and indexes metrics from the nodes
and you visualize the data through the Monitoring dashboards in Kibana. The agent
can index data on the same Elasticsearch cluster, or send it to an external
monitoring cluster.

To use X-Pack monitoring with X-Pack security enabled, you need to
set up Kibana to work with X-Pack security
and create at least one user for the Monitoring UI. If you are using an external
monitoring cluster, you also need to configure a user for the monitoring agent
and configure the agent to use the appropriate credentials when communicating
with the monitoring cluster.

Setting Up Monitoring UI Users

When X-Pack security is enabled, Kibana users are prompted to log in when they access
the UI. To use the Monitoring UI, a user must have access to the Kibana indices
and permission to read from the monitoring indices.

You set up Monitoring UI users on the cluster where the monitoring data is being
stored. To grant all of the necessary permissions, assign the user the
monitoring_user and kibana_user roles:

If you’re using the native realm, you can assign roles through Kibana or
with the User Management API. For example, the following
command creates a user named jacknich and assigns him the kibana_user and
monitoring_user roles:

If you are using an LDAP or Active Directory realm, you can either assign roles
on a per user basis, or assign roles to groups of users. By default, role mappings
are configured in config/x-pack/role_mapping.yml. For example,
the following snippet assigns the user named Jack Nicholson to the kibana_user
and monitoring_user roles: